WhatsApp has notified roughly 200 users who were deceived into downloading a counterfeit version of the messaging app that had been laced with spyware. The platform said the fraudulent app was built by Italian surveillance software company SIO and was designed to target iPhone users.
In a statement to TechCrunch, WhatsApp said its security team tracked down the affected accounts, most of whom were based in Italy. The company has since logged all of them out of the platform and sent direct alerts warning them of the threat.
WhatsApp has not revealed the targeted users:
WhatsApp has declined to identify the users who were targeted in the attack. The company said it has served a legal notice to SIO, demanding the firm halt its operations. This is not the first time SIO has been linked to the creation of malicious applications.
“Our security team proactively identified around 200 users primarily in Italy who we believe may have downloaded this malicious unofficial client,” WhatsApp said in its statement. “We have logged them out, alerted [them] to the risks to their privacy and security that come with downloading fake unofficial clients, and encouraged them to remove it and download the official WhatsApp app.”
TechCrunch had previously reported that SIO was responsible for a string of malicious Android applications carrying its spyware, among them counterfeit versions of WhatsApp and bogus customer support apps impersonating mobile network providers.
The company is also reported to develop spyware for government clients through its subsidiary ASIGINT. Researchers identified the spyware by the name Spyrtacus — a word that surfaced directly within the malicious code itself.
WhatsApp users were earlier targeted by spyware attacks
Last year, the platform notified roughly 90 people that they had been targeted using surveillance software developed by Paragon Solutions, a US-Israeli spyware company. The alerts went out to journalists and pro-immigration activists, among others. The back-to-back incidents point to a growing pattern of commercial spyware operators using WhatsApp as a vector to reach high-value targets, raising fresh questions about the platform’s ability to shield vulnerable users from sophisticated state-linked surveillance tools.